As the name suggests, it’s concerned with protecting the individual data of all EU citizens, something that has been identified as a fundamental human right and, therefore, is being treated with all the seriousness this deserves.

This is also reflected in the penalties for failing to comply, which could potentially be as high as 4% of an offending organisation’s annual revenue or 20 million euros, depending on circumstances.

The kinds of breaches that the regulation covers include failing to keep customers details safe as well as making it obligatory to report any data breaches as soon as possible after they occur. It also covers a far wider range of personal information than ever before, including IP addresses, device IDs and location data. It even goes as far as protecting an individual’s genetic and biometric information.

While this is a Europe-wide initiative, the GDPR could also have major ramifications for countries in the Middle East as any business that has dealings with EU countries, or holds any data concerning EU citizens, will have to comply and will face the same sanctions if they fail to do so.

As different countries in the region have their own data protection protocols, some stricter than others, it won’t be a question of a “one size fits all” solution and each country would do well to seek some clarity on GDPR if they are to make themselves truly compliant.

There will be a number of requirements to achieve compliance including these principal ones:

- Any organisation based in the Middle East that processes the data of EU citizens will need to designate a representative in the EU.- Data breaches must be notified within 72 hours of them occurring and affected individuals may also have to be notified.- Privacy-by-design will be the obligatory approach so, for example, before any high-risk data processing is carried out, a privacy impact assessment will have to be done and any identified risks will need to be mitigated.- Any organisation that carries out high volumes of processing using sensitive data will have to appoint an official Data Protection Officer.- People whose data is on file will need to have the right to have all records of them erased and the data holders will have to ensure that they can do this.

Doha - Qatar Skyline (CC BY-SA 2.0) by jikatu

Some countries have already taken great strides towards compliance. For example, in 2016, Qatar brought its own Data Privacy and Protection Law into force and others have also taken strides towards tightening up their rules.

For instance, the governmental body of the Dubai International Financial Centre has also recently enforced a new privacy policy, although it still falls some way short of the requirements of the GDPR.

So these next few months will certainly be a challenging time for all Middle Eastern organisations who aim to trade with Europe. But the result will hopefully be a more secure world for individuals and businesses at a time when data attacks and breaches are undoubtedly on the increase all across the globe.

MIDDLE EAST BUSINESS COMMENT & ANALYSIS

UAE. 10% of the total real estate debt market could come from private providers within the next decade; Report outlines how diversified debt sources and alternative financing structures will boost lending competition and in turn inject new capital into the real estate market.

UAE. Transformational reform is playing its part in stimulating the deal market across the region according to PwC Middle East's new report "TransAct ME - Deals trends and outlook for the Middle East" published today.

UAE. 10% of the total real estate debt market could come from private providers within the next decade; Report outlines how diversified debt sources and alternative financing structures will boost lending competition and in turn inject new capital into the real estate market.